<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第79期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第79期）</strong></h5>
<blockquote> 2015/08/31-2015/09/06</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>我从Ashley Madison事件中学到的<br><a target="_blank" href="http://drops.wooyun.org/news/8295">http://drops.wooyun.org/news/8295</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Google 镜像站搜集<br><a target="_blank" href="http://www.itechzero.com/google-mirror-sites-collect.html">http://www.itechzero.com/google-mirror-sites-collect.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>China and Russia are using hacked data to target U.S. spies<br><a target="_blank" href="http://www.latimes.com/nation/la-na-cyber-spy-20150831-story.html">http://www.latimes.com/nation/la-na-cyber-spy-20150831-story.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>12 Must-Follow Feeds in the World of Security<br><a target="_blank" href="http://www.wired.com/2015/09/12-must-follow-feeds-world-security/">http://www.wired.com/2015/09/12-must-follow-feeds-world-security/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Microsoft&#039;s Project Sonar: Malware detonation as a service<br><a target="_blank" href="http://www.zdnet.com/article/microsofts-project-sonar-malware-detonation-as-a-service/">http://www.zdnet.com/article/microsofts-project-sonar-malware-detonation-as-a-service/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>高通的新手机芯片将能识别恶意程序<br><a target="_blank" href="http://www.solidot.org/story?sid=45342">http://www.solidot.org/story?sid=45342</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>DDoS Attackers Double Down on Gambling Sites<br><a target="_blank" href="https://www.incapsula.com/blog/ddos-attackers-double-down-on-gambling-sites.html">https://www.incapsula.com/blog/ddos-attackers-double-down-on-gambling-sites.html</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BWAPP：一款非常好用的漏洞演示平台<br><a target="_blank" href="http://www.freebuf.com/tools/76885.html">http://www.freebuf.com/tools/76885.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>python修改linux日志(logtamper.py)<br><a target="_blank" href="http://www.secoff.net/archives/475.html">http://www.secoff.net/archives/475.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>HITCON 2015 IoT Wargame – R0 挑戰題<br><a target="_blank" href="http://kb.hitcon.org/post/127947378507/hitcon-2015-iot-wargame-r0-%E6%8C%91%E6%88%B0%E9%A1%8C">http://kb.hitcon.org/post/127947378507/hitcon-2015-iot-wargame-r0-%E6%8C%91%E6%88%B0%E9%A1%8C</a></div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>NIPS 2015 List of Accepted Papers<br><a target="_blank" href="https://nips.cc/Conferences/2015/AcceptedPapers">https://nips.cc/Conferences/2015/AcceptedPapers</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>HitCon-2015-spartan-0day-exploit<br><a target="_blank" href="https://github.com/exp-sky/HitCon-2015-spartan-0day-exploit">https://github.com/exp-sky/HitCon-2015-spartan-0day-exploit</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Research Spotlight: Learning Detectors of Malicious Network Traffic<br><a target="_blank" href="http://blogs.cisco.com/security/talos/machine-learning-detectors">http://blogs.cisco.com/security/talos/machine-learning-detectors</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>mitmproxy套件使用攻略及定制化开发<br><a target="_blank" href="http://www.freebuf.com/tools/76361.html">http://www.freebuf.com/tools/76361.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用 Appcache 和 ServiceWorker 进行持久型session hijacking 和 XSS<br><a target="_blank" href="http://bluereader.org/article/72405088">http://bluereader.org/article/72405088</a></div><div class="single"><span id="tags">[视频]&nbsp;&nbsp;</span>Machine vs. Machine: Inside DARPA’s Fully Automated CTF<br><a target="_blank" href="https://www.youtube.com/watch?v=gnyCbU7jGYA&amp;feature=youtu.be">https://www.youtube.com/watch?v=gnyCbU7jGYA&amp;feature=youtu.be</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>osquery :: Performant Endpoint Visibility<br><a target="_blank" href="https://osquery.io/">https://osquery.io/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Applying Machine Learning to Network Security Monitoring<br><a target="_blank" href="https://www.blackhat.com/docs/webcast/05152014-applying-machine-learning-to-network-security-monitoring.pdf">https://www.blackhat.com/docs/webcast/05152014-applying-machine-learning-to-network-security-monitoring.pdf</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>隐蔽的战场—Flash Web攻击<br><a target="_blank" href="https://github.com/evilcos/papers/blob/master/%E9%9A%90%E8%94%BD%E7%9A%84%E6%88%98%E5%9C%BA%E2%80%94Flash%20Web%E6%94%BB%E5%87%BB.pptx">https://github.com/evilcos/papers/blob/master/%E9%9A%90%E8%94%BD%E7%9A%84%E6%88%98%E5%9C%BA%E2%80%94Flash%20Web%E6%94%BB%E5%87%BB.pptx</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>运维安全概述<br><a target="_blank" href="http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/8169">http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/8169</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>IP Ranges - Private IP Address Range<br><a target="_blank" href="http://www.ipaddresslocation.org/ip_ranges/get_ranges.php">http://www.ipaddresslocation.org/ip_ranges/get_ranges.php</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>破解使用radius实现802.1x认证的企业无线网络<br><a target="_blank" href="http://drops.wooyun.org/tools/8294">http://drops.wooyun.org/tools/8294</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>运营商渗透测试与挑战<br><a target="_blank" href="http://blog.nsfocus.net/the-challenge-in-penetration-test-for-isp/">http://blog.nsfocus.net/the-challenge-in-penetration-test-for-isp/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>ColdFusion Bomb: A Chain Reaction From XSS to RCE<br><a target="_blank" href="https://www.bishopfox.com/blog/2015/08/coldfusion-bomb-a-chain-reaction-from-xss-to-rce/">https://www.bishopfox.com/blog/2015/08/coldfusion-bomb-a-chain-reaction-from-xss-to-rce/</a></div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>General Writing Resources<br><a target="_blank" href="https://owl.english.purdue.edu/owl/section/1/">https://owl.english.purdue.edu/owl/section/1/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>OWASP_Testing_Guide_v4<br><a target="_blank" href="https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf">https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>KCon 2015<br><a target="_blank" href="https://github.com/knownsec/KCon/tree/master/KCon%202015">https://github.com/knownsec/KCon/tree/master/KCon%202015</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Extracting Windows Users Password Hints with PowerShell<br><a target="_blank" href="http://www.labofapenetrationtester.com/2015/09/extracting-windows-users-password-hints.html">http://www.labofapenetrationtester.com/2015/09/extracting-windows-users-password-hints.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Research on the state of public FTP servers<br><a target="_blank" href="http://findex.cedsys.nl/research/mass-ftp-crawling/">http://findex.cedsys.nl/research/mass-ftp-crawling/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Linux workstation security checklist<br><a target="_blank" href="https://github.com/lfit/itpol/blob/master/linux-workstation-security.md">https://github.com/lfit/itpol/blob/master/linux-workstation-security.md</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Shellter:dynamic shellcode injection tool<br><a target="_blank" href="https://www.shellterproject.com/introducing-shellter/">https://www.shellterproject.com/introducing-shellter/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Belkin F9K1111 V1.04.10 Firmware Analysis<br><a target="_blank" href="http://blog.vectranetworks.com/blog/belkin-analysis">http://blog.vectranetworks.com/blog/belkin-analysis</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>The Good, the Bad, and the Parked<br><a target="_blank" href="https://labs.opendns.com/2015/09/01/the-good-the-bad-and-the-parked/">https://labs.opendns.com/2015/09/01/the-good-the-bad-and-the-parked/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>BGP for Humans: Making Sense of Border Gateway Protocol<br><a target="_blank" href="https://www.incapsula.com/blog/bgp-routing-explained.html">https://www.incapsula.com/blog/bgp-routing-explained.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>MMD-0041-2015 - Reversing PE Mail-Grabber Spambot &amp; its c99 Gate<br><a target="_blank" href="http://blog.malwaremustdie.org/2015/09/mmd-0041-2015-reversing-pe-mail-grabber.html">http://blog.malwaremustdie.org/2015/09/mmd-0041-2015-reversing-pe-mail-grabber.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>A Brief History of Spear Phishing<br><a target="_blank" href="http://resources.infosecinstitute.com/a-brief-history-of-spear-phishing/">http://resources.infosecinstitute.com/a-brief-history-of-spear-phishing/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Shifu: A new interesting Banking Trojan<br><a target="_blank" href="http://marcoramilli.blogspot.com/2015/09/shifu-new-interesting-banking-trojan.html">http://marcoramilli.blogspot.com/2015/09/shifu-new-interesting-banking-trojan.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>HTTP Evader - Automate Firewall Evasion Tests<br><a target="_blank" href="http://noxxi.de/research/http-evader.html">http://noxxi.de/research/http-evader.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP unserialization vulnerabilities: What are we missing<br><a target="_blank" href="http://www.slideshare.net/_s_n_t/php-unserialization-vulnerabilities-what-are-we-missing">http://www.slideshare.net/_s_n_t/php-unserialization-vulnerabilities-what-are-we-missing</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Sleepy Puppy XSS Payload Management Framework<br><a target="_blank" href="https://github.com/Netflix/sleepy-puppy">https://github.com/Netflix/sleepy-puppy</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>PlugX Threat Activity in Myanmar<br><a target="_blank" href="http://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf">http://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>You are the WM<br><a target="_blank" href="http://blog.z3bra.org/2015/01/you-are-the-wm.html?hn">http://blog.z3bra.org/2015/01/you-are-the-wm.html?hn</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts<br><a target="_blank" href="http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/">http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>ROVNIX攻击平台分析 -利用WordPress平台传播的多插件攻击平台<br><a target="_blank" href="http://drops.wooyun.org/papers/7478">http://drops.wooyun.org/papers/7478</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>IT Security Catalog v.2.0<br><a target="_blank" href="https://www.gitbook.com/content/book/arthurgerkis/it-sec-catalog/index.html">https://www.gitbook.com/content/book/arthurgerkis/it-sec-catalog/index.html</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/79">SecWiki周刊(第79期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
